cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-23563,https://securityvulnerability.io/vulnerability/CVE-2024-23563,Sensitive Information Disclosure in HCL Connections Docs Software,"HCL Connections Docs is susceptible to a vulnerability that allows unauthorized users to access sensitive information due to improper handling of request data. This flaw may lead to potential data breaches, revealing confidential information that users should not have access to, thereby compromising user privacy and the overall integrity of the application.",HCL Software Software,Connections Docs,3.9,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-12T13:47:51.296Z,0
CVE-2024-42207,https://securityvulnerability.io/vulnerability/CVE-2024-42207,Session Fixation Vulnerability in HCL iAutomate,"HCL iAutomate is susceptible to a session fixation vulnerability, which allows attackers to hijack a victim's authenticated session by exploiting their session ID. By manipulating session IDs during the authentication process, an attacker can gain unauthorized access to sensitive information. This poses significant security risks for users as their ongoing sessions may be compromised without their knowledge.",HCL Software Software,Iautomate,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-05T15:11:01.319Z,0
CVE-2024-42187,https://securityvulnerability.io/vulnerability/CVE-2024-42187,Path Traversal Vulnerability in BigFix Patch Download Plug-ins by HCL Software,"The BigFix Patch Download Plug-ins are susceptible to a path traversal vulnerability that allows unauthorized access to files in the local repository. This could enable nefarious actors to craft specially designed requests, potentially exposing sensitive data and compromising system integrity. Organizations using these plug-ins should implement immediate measures to mitigate this risk and ensure the security of their environment.",HCL Software Software,Bigfix Patch Management Download Plug-ins,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-23T02:53:07.305Z,0
CVE-2024-42186,https://securityvulnerability.io/vulnerability/CVE-2024-42186,Insecure Protocol Support Vulnerability in BigFix Patch Download Plug-ins by HCL Software,"The BigFix Patch Download Plug-ins from HCL Software are susceptible to an insecure protocol support vulnerability. This issue arises from improper handling of SSL certificate validation, potentially allowing attackers to exploit data transmitted over insecure channels, posing a risk to the integrity and confidentiality of sensitive information.",HCL Software Software,Bigfix Patch Management Download Plug-ins,2.8,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T02:47:40.896Z,0
CVE-2024-42185,https://securityvulnerability.io/vulnerability/CVE-2024-42185,XML Injection Vulnerability in BigFix Patch Download Plug-ins by HCL Software,"The BigFix Patch Download Plug-ins from HCL Software are vulnerable to an XML injection flaw, allowing attackers to inject malicious XML. This could lead to serious consequences such as denial of service and unauthorized access to sensitive systems. Users are advised to review their security measures and apply the necessary updates to mitigate risks.",HCL Software Software,Bigfix Patch Management Download Plug-ins,2.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T02:10:02.525Z,0
CVE-2024-42184,https://securityvulnerability.io/vulnerability/CVE-2024-42184,Insecure File URI Scheme in BigFix Patch Download Plug-ins by HCL Software,"The BigFix Patch Download Plug-ins from HCL Software are susceptible to vulnerabilities arising from insecure support for the file URI scheme. This flaw could enable an attacker to exploit the system by attempting to download files using the 'file://' URI scheme, potentially leading to unauthorized file access or system compromise. Organizations using this software should evaluate their security posture and apply necessary mitigations.",HCL Software Software,Bigfix Patch Management Download Plug-ins,2.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T01:59:00.971Z,0
CVE-2024-42183,https://securityvulnerability.io/vulnerability/CVE-2024-42183,Arbitrary File Download Vulnerability in HCL BigFix Patch Download Plug-ins,"The HCL BigFix Patch Download Plug-ins are susceptible to an arbitrary file download vulnerability. This flaw enables a malicious actor to download files from any URL without adequate validation or allowlist controls, potentially compromising system integrity and security. Organizations utilizing these plug-ins must address this issue to prevent unauthorized access to sensitive data. For resolution and further details, refer to HCL's support resources.",HCL Software Software,Bigfix Patch Management Download Plug-ins,2.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T01:42:47.496Z,0
CVE-2024-42182,https://securityvulnerability.io/vulnerability/CVE-2024-42182,Server-Side Request Forgery in HCL BigFix Patch Download Plug-ins,"The HCL BigFix Patch Download Plug-ins are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. This security flaw could enable an attacker to exploit the application, potentially allowing it to download files from an internally hosted server on localhost. Such vulnerabilities can lead to significant data breaches and unauthorized access to sensitive information, making it crucial for organizations to address this issue promptly.",HCL Software Software,Bigfix Patch Management Download Plug-ins,2.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-23T01:05:52.350Z,0
CVE-2024-42181,https://securityvulnerability.io/vulnerability/CVE-2024-42181,Cleartext Transmission Vulnerability in HCL MyXalytics,"HCL MyXalytics contains a vulnerability where sensitive information is transmitted in cleartext, allowing unauthorized individuals to intercept and exploit this data. This flaw poses a significant risk to the confidentiality and integrity of sensitive communications, emphasizing the need for secure transmission methods to safeguard user information from potential breaches.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-12T22:04:37.495Z,0
CVE-2024-42180,https://securityvulnerability.io/vulnerability/CVE-2024-42180,Malicious File Upload Vulnerability in HCL MyXalytics Application,"HCL MyXalytics is susceptible to a file upload vulnerability that enables attackers to upload and potentially execute malicious files. The application inadequately validates file types, which includes the acceptance of disallowed formats, double extensions, null bytes, and special characters. This flaw can lead to unauthorized access and execution of harmful scripts, jeopardizing the integrity and security of the application and its underlying systems.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-12T21:53:03.369Z,0
CVE-2024-42179,https://securityvulnerability.io/vulnerability/CVE-2024-42179,Sensitive Information Disclosure in HCL MyXalytics,"HCL MyXalytics is vulnerable to a sensitive information disclosure issue, where the server's HTTP response header incorrectly exposes details regarding the Microsoft-HTTP API/2.0. This can lead to potential information leakage about the server configuration, which may assist malicious actors in exploiting the system further.",HCL Software Software,Dryice Myxalytics,2,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-12T21:46:39.992Z,0
CVE-2024-42175,https://securityvulnerability.io/vulnerability/CVE-2024-42175,Weak Input Validation in HCL MyXalytics Exposes Applications,"HCL MyXalytics has a vulnerability characterized by weak input validation, allowing the input of special characters without proper length checks. This oversight opens the door to various security threats, including SQL injection, cross-site scripting (XSS), and buffer overflow attacks, potentially compromising the integrity and confidentiality of the application.",HCL Software Software,Dryice Myxalytics,2.6,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T07:20:57.617Z,0
CVE-2024-42174,https://securityvulnerability.io/vulnerability/CVE-2024-42174,Username Enumeration Vulnerability in HCL MyXalytics Software,"HCL MyXalytics is susceptible to a username enumeration vulnerability that enables attackers to exploit the application by systematically validating usernames. This flaw allows unauthorized users to compile a list of existing usernames, potentially facilitating further attacks such as credential stuffing and targeted phishing. To safeguard sensitive information, organizations using HCL MyXalytics should implement appropriate countermeasures and ensure that their applications are properly secured against such enumeration techniques.",HCL Software Software,Dryice Myxalytics,3.7,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T07:04:24.964Z,0
CVE-2024-42173,https://securityvulnerability.io/vulnerability/CVE-2024-42173,Improper Password Policy in HCL MyXalytics Allows Brute-Force Attacks,"HCL MyXalytics has a vulnerability related to improper implementation of its password policy. This flaw enables attackers to exploit weak password choices and the absence of account lockout mechanisms, making it feasible to guess or conduct brute-force attacks on user accounts when the corresponding username is known. Organizations using HCL MyXalytics should review their password policies and consider implementing stronger password requirements and lockout protocols to mitigate this risk.",HCL Software Software,Dryice Myxalytics,4.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T06:54:33.550Z,0
CVE-2024-42172,https://securityvulnerability.io/vulnerability/CVE-2024-42172,Broken Authentication in HCL MyXalytics Exposes Sensitive Data,"HCL MyXalytics is impacted by a broken authentication vulnerability that permits attackers to seize keys, passwords, and session tokens. This flaw may result from suboptimal configurations, logic flaws, or software issues, creating conditions for unauthorized access and potential identity theft. Applications with access control, including databases, network infrastructure, and web applications, may be affected, leaving sensitive information vulnerable to exploitation.",HCL Software Software,Dryice Myxalytics,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T06:44:28.808Z,0
CVE-2024-42171,https://securityvulnerability.io/vulnerability/CVE-2024-42171,Session Fixation Vulnerability in HCL MyXalytics Software,HCL MyXalytics contains a session fixation vulnerability that allows cybercriminals to manipulate a user's login session by sending specially crafted URLs containing a session token. This could potentially lead to unauthorized access to sensitive information as attackers can hijack active sessions and exploit user credentials without proper authentication.,HCL Software Software,Dryice Myxalytics,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T06:31:24.165Z,0
CVE-2024-42170,https://securityvulnerability.io/vulnerability/CVE-2024-42170,Session Fixation Vulnerability in HCL MyXalytics Platform,"HCL MyXalytics is susceptible to a session fixation vulnerability, allowing cyber criminals to exploit this flaw by sending specially crafted URLs that include a session token. If a victim unwittingly clicks such a link, an attacker can hijack the user's login session, potentially gaining unauthorized access to sensitive information. This poses a significant risk to user data security, necessitating prompt awareness and mitigation strategies.",HCL Software Software,Dryice Myxalytics,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T06:17:20.606Z,0
CVE-2024-42168,https://securityvulnerability.io/vulnerability/CVE-2024-42168,Out-of-Band Resource Load Vulnerability in HCL MyXalytics,"The HCL MyXalytics platform is vulnerable to an out-of-band resource load vulnerability. This flaw allows an attacker to set up a web server that can deliver harmful content. Through this, they can trick the application into fetching and processing the malicious data, potentially compromising system integrity and user data.",HCL Software,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:15:00.000Z,0
CVE-2024-42194,https://securityvulnerability.io/vulnerability/CVE-2024-42194,Improper Permissions in HCL BigFix Inventory Could Lead to Unauthorized Configuration Changes,"The CVE-2024-42194 vulnerability arises from improper handling of insufficient permissions and privileges in HCL BigFix Inventory. This flaw allows an attacker, who possesses only a read-only account, to execute a specially crafted REST API call, potentially enabling them to modify specific configuration parameters. Such unauthorized configuration changes could have significant implications for the security posture and operational integrity of affected systems.",HCL Software,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-17T18:15:00.000Z,0
CVE-2024-30129,https://securityvulnerability.io/vulnerability/CVE-2024-30129,Host Header Manipulation Vulnerability in HCL Software Products,"A vulnerability exists due to improper handling of the HTTP host header within HCL Software applications. This flaw allows an attacker to manipulate the host header, potentially redirecting traffic to unintended domains or IP addresses. Such behavior can lead to various security issues, including unauthorized access or data exposure. Organizations utilizing affected HCL products must assess their systems and take corrective measures to mitigate this risk.",HCL Software,HCL Software Applications,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-06T16:15:00.000Z,0
CVE-2024-42196,https://securityvulnerability.io/vulnerability/CVE-2024-42196,Sensitive Information Exposure in HCL Launch,"The vulnerability involves HCL Launch's handling of sensitive information, which is logged in files accessible through HTTP request logs. Local users with access to these logs can read potentially sensitive data, leading to significant security risks. It is critical for organizations using HCL Launch to implement proper logging controls and limit access to log files to mitigate this risk. Users and administrators are advised to review their logging configurations and consider additional protective measures to enhance data security.",HCL Software,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-06T15:15:00.000Z,0
CVE-2024-42195,https://securityvulnerability.io/vulnerability/CVE-2024-42195,HCL DevOps Deploy/Launch Vulnerable to HTML Injection,HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.,Hcl Software,Devops Deploy / Launch,3.1,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T04:47:28.191Z,0
CVE-2024-42188,https://securityvulnerability.io/vulnerability/CVE-2024-42188,Broken Access Control in HCL Connections by HCL Software,"HCL Connections exposes a broken access control vulnerability that could enable unauthorized users to manipulate data under specific circumstances. This security flaw can compromise the integrity of user information, making it crucial for affected parties to assess and implement protective measures promptly. Ensure that your systems are updated to the latest versions to mitigate the risks associated with this issue.",HCL Software,HCL Connections,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T16:15:00.000Z,0
CVE-2024-30142,https://securityvulnerability.io/vulnerability/CVE-2024-30142,Insecure Cookie Flag Leaves BigFix Compliance Vulnerable to XSS Attacks,"HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.",Hcl Software,Bigfix Compliance,3.8,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T08:58:42.811Z,0
CVE-2024-30141,https://securityvulnerability.io/vulnerability/CVE-2024-30141,Error Messages Expose Sensitive Information in HCL BigFix Compliance,"HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.",Hcl Software,Bigfix Compliance,4.7,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T08:36:13.573Z,0